What Might Google Do With Data from Chrome OS?

In early December, Google sent out thousands of free laptops as part of a program to test Chrome OS, an operating system that relies on the Internet for all its software applications.

Computers running Chrome OS don’t let users download data or install applications. Instead, everything happens in the cloud. So the laptop—called the CR-48—needs very little storage space, but it requires a constant Internet connection, and it has 3G wireless connectivity built in.

The design of Chrome OS changes such fundamental things as where a user’s data resides and how it is managed. It also gives Google access to an unprecedented amount of user data. The company hasn’t said how it will use this information, but some clues can be found in the company’s previous products and in the rights it has reserved in the Chrome OS terms of service.

Google makes the vast majority of its billions of dollars of annual income by delivering advertising tailored to its users’ behavior and interests as revealed by their searches, the contents of their e-mail messages, and their browsing history. Chrome OS could take this to the next level.

“With Chrome OS, Google can obtain deeper system information like specific user behaviors, if they wanted to,” says DanielCawrey, an IT analyst and editor of thechromesource, a website that has been tracking the development of Chrome OS.

Google’s terms of service give it the right to use the information it collects for advertising purposes if it chooses to head in that direction. The terms note that “some of [Google’s] services are supported by advertising revenue and may display advertisements and promotions. These advertisements may be targeted to the content of information stored on the services, queries made through the services, or other information.” They go on to specify that Google can at any time modify or extend how and when advertising is delivered and that users must agree to let Google advertise in consideration for granting use of its services.

Google’s Chrome Web browser—a closely related product that runs on other operating systems—also collects information from users, but it uses this to improve the software, rather than to target advertising. Google has published a document that explains what data is collected via the Chrome browser. “Information that Google receives when you use Google Chrome is processed in order to operate and improve Google Chrome and other Google services,” according to the Chrome browser’s privacy policy. In future, however, advertising could conceivably be included under the umbrella of “other Google services.” The Chrome browser does collect information that is of interest to advertisers, such as location data and browsing history.

The prototype laptops issued by Google send a lot of information back to headquarters, Cawrey notes, but much of this is intended to help get the CR-48 ready for commercial release. It’s uncertain how much information Google will collect once the testing period is over, he says.

Google emphasizes that users are given many ways to opt out of data collection, even during the testing period. They can do this temporarily, by using “guest mode,” or permanently, by choosing the appropriate option in the end-user license agreement.

In guest mode, Google stores all the data from the session in the cloud on a hard drive that is wiped after the user logs out. As with the Chrome browser, users can also browse the Web in “incognito mode,” in which their browsing activity isn’t recorded.

“Whether Chrome OS is a great operating system from a privacy point of view or a terrible operating system from a privacy point of view depends on your threat model,” says PeterEckersley, a senior staff technologist with the ElectronicFrontierFoundation, a civil-liberties group that focuses on rights in the digital world. He explains that turning your data over to any company will prevent hackers from stealing it from your home computer, and it could even help dissidents in countries such as China and Iran cover their tracks. However, Eckersley notes that it also leaves the data vulnerable to possible abuses by the company storing it, whether it chooses to use it for advertising purposes or is compelled to surrender it under a government subpoena.

Eckersley says that additional privacy protections could be added to the Chrome browser and Chrome OS to protect users. He points to an extension for the Firefox Web browser that uses an anonymizing networking called Tor. Eckersley notes that the Chrome OS security model prevents the installation of software not approved by Google. While this does provide good security, he says, he is concerned that it could result in users having no control over what is and isn’t stored on their devices.

If Google does begin using Chrome OS data to target advertising, it’s unlikely to deter users who are like the operating system. “This is the slippery slope we’re on,” Cawrey says. “Will users accept targeted ads in exchange for cheaper, faster PCs? I think they will.”